Description
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
Published: 2026-02-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass (LDAP)
Action: Patch Now
AI Analysis

Impact

Fortinet FortiOS versions 7.6.0 through 7.6.4 contain a flaw that may allow an unauthenticated attacker to bypass LDAP authentication for Agentless VPN or FSSO policies when the remote LDAP server is configured in a particular way. A successful bypass lets an attacker pass the authentication step of those policies without valid credentials and reach the resources they protect. The weakness is classified as CWE-305 (Authentication Bypass by Primary Weakness): the authentication logic itself is sound, but it can be bypassed because of a separate weakness that is primary to the authentication error. Here that weakness depends on the remote LDAP server's configuration, and the advisory does not disclose which configuration triggers it.

Affected Systems

FortiOS 7.6.0, 7.6.1, 7.6.2, 7.6.3, and 7.6.4 are affected; no other branches are listed in the advisory. Upgrading to FortiOS 7.6.5 or later on the 7.6 branch, or to 8.0.0 or later, removes the vulnerability. Administrators should confirm the build a device is actually running (the Version line of `get system status` on the CLI) rather than assume a deployment was patched.
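The version check described above, as an added example (not OpenCVE's or Fortinet's code). It parses the `Version:` line printed by `get system status`, which is assumed to carry a `vMAJOR.MINOR.PATCH` token such as `v7.6.3`, and compares the result against the affected range and fixed releases named in this advisory. The sample outputs are constructed for the example, not captured from real devices.

```python
import re

# Affected range published for CVE-2026-22153: FortiOS 7.6.0 through 7.6.4 (inclusive).
AFFECTED_RANGE = ((7, 6, 0), (7, 6, 4))
# Fixed releases named in the vendor solution: 7.6.5+ on the 7.6 branch, and 8.0.0+.
FIXED_76 = (7, 6, 5)
FIXED_80 = (8, 0, 0)

# Matches the "vMAJOR.MINOR.PATCH" token on the "Version:" line of `get system status`
# (assumed layout, e.g. "Version: FortiGate-100F v7.6.3,build3510,250101 (GA.F)").
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_fortios_version(status_output: str) -> tuple:
    """Return (major, minor, patch) from the output of `get system status`."""
    for line in status_output.splitlines():
        if line.strip().startswith("Version:"):
            m = VERSION_RE.search(line)
            if m:
                return tuple(int(g) for g in m.groups())
    raise ValueError("no 'Version: ... vX.Y.Z' line found in get system status output")


def is_affected(version: tuple) -> bool:
    """True when the version lies inside the published affected range."""
    low, high = AFFECTED_RANGE
    return low <= version <= high


def is_fixed_release(version: tuple) -> bool:
    """True when the version is one of the fixed releases named in the advisory."""
    on_76_branch = version[:2] == (7, 6)
    return (on_76_branch and version >= FIXED_76) or version >= FIXED_80


def assess(status_output: str) -> dict:
    """Classify a device against CVE-2026-22153 from its `get system status` output."""
    version = parse_fortios_version(status_output)
    if is_affected(version):
        verdict = "affected: upgrade to FortiOS 7.6.5 or later, or 8.0.0 or later"
    elif is_fixed_release(version):
        verdict = "fixed release for CVE-2026-22153"
    else:
        # e.g. 7.4.x: not in the listed range, but also not covered by this advisory.
        verdict = "outside the listed affected range (7.6.0-7.6.4); not covered by this advisory"
    return {"version": version, "affected": is_affected(version), "verdict": verdict}


# Constructed sample outputs in the layout of `get system status`; only the Version
# line is consulted, the remaining lines are placeholders.
SAMPLE_AFFECTED = """\
Version: FortiGate-100F v7.6.3,build3510,250101 (GA.F)
Serial-Number: FG100FTK00000000
Hostname: fw-edge-1
"""

SAMPLE_FIXED = """\
Version: FortiGate-100F v7.6.5,build3600,250301 (GA.F)
Serial-Number: FG100FTK00000001
Hostname: fw-edge-2
"""

SAMPLE_OTHER_BRANCH = """\
Version: FortiGate-60F v7.4.8,build2795,250201 (GA.F)
Serial-Number: FG60FTK000000002
Hostname: fw-branch-1
"""


if __name__ == "__main__":
    for name, sample in (("affected", SAMPLE_AFFECTED),
                         ("fixed", SAMPLE_FIXED),
                         ("other-branch", SAMPLE_OTHER_BRANCH)):
        result = assess(sample)
        print(f"{name:13s} {'.'.join(map(str, result['version'])):8s} {result['verdict']}")
```

Feed the script the captured output of `get system status` from each device (for example, collected over SSH by whatever automation already manages the fleet); any output without a parseable Version line raises instead of being silently counted as safe.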

Risk and Exploitability

The recorded CVSS v3.1 vector is AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H with temporal metrics E:F/RL:O/RC:C. The 7.5 shown is the temporal score; the base score for that vector is 8.1 (High). The attack vector is network and neither privileges nor user interaction are required, but attack complexity is High, which reflects the precondition that the remote LDAP server be configured in the specific (undisclosed) way; confidentiality, integrity and availability impacts are all rated High. The EPSS score below 1% and the SSVC assessment (Exploitation: none, Automatable: no, Technical Impact: total) indicate no observed exploitation at scoring time, and the vulnerability is not listed in CISA's KEV catalog. Note, however, that the temporal metric E:F rates exploit maturity as Functional, so the low EPSS should not be read as the absence of a working exploit.

Generated by OpenCVE AI on April 18, 2026 at 12:50 UTC.

Remediation

Vendor Solution

  • Upgrade to upcoming FortiOS version 8.0.0 or above
  • Upgrade to FortiOS version 7.6.5 or above


OpenCVE Recommended Actions

  • Upgrade Fortinet FortiOS to 7.6.5 or later (7.6 branch) or to 8.0.0 or later.
  • The advisory does not disclose which remote LDAP server configuration triggers the bypass, so reconfiguring the LDAP server or the FortiOS LDAP settings cannot be applied precisely; do not treat it as a substitute for the upgrade.
  • After upgrading, verify that LDAP authentication for Agentless VPN and FSSO policies still works, and review authentication logs from the period before patching for unexpected successful logons tied to those policies.

Advisories

No advisories yet.

History

Fri, 27 Feb 2026 15:15:00 +0000

Metrics (values added): ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Feb 2026 16:15:00 +0000

CPEs (values added): cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Tue, 10 Feb 2026 16:15:00 +0000

Description (values added): An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
First Time appeared: Fortinet; Fortinet fortios
Weaknesses (values added): CWE-305
CPEs (values added):
  cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
  cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
  cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
  cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
  cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
Vendors & Products (values added): Fortinet; Fortinet fortios
References
Metrics (values added): cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-02-26T15:04:11.526Z

Reserved: 2026-01-06T15:01:17.446Z

Link: CVE-2026-22153

Vulnrichment

Updated: 2026-02-25T15:55:04.748Z

NVD

Status : Analyzed

Published: 2026-02-10T16:16:11.050

Modified: 2026-02-12T16:03:10.500

Link: CVE-2026-22153

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T13:00:08Z

Weaknesses